Installing ClamAV - no omvscan.log file

bluemike
Posts: 202
Joined: Fri Oct 28, 2005 1:30 pm
Location: Everett,WA

Postby bluemike » Thu Jan 05, 2006 5:19 pm

I was in the process of installing ClamAV per the 6-2005 KB procedure, and I think I followed the install procedure pretty closely.

I then sent myself the EICAR test virus file that I keep on a floppy. It immediately came through complete with attached ZIP file. I went to check the /var/opt/scalix/logs/omvscan.log file, only to find that none existed.

I installed the most current RPM right from ClamAV's site. I run freshclam and am told everything is up to date.

Is that file some place else?

ScalixSupport
Scalix
Posts: 5503
Joined: Thu Mar 25, 2004 8:15 pm

Postby ScalixSupport » Thu Jan 05, 2006 5:39 pm

It sounds like you may have a typo in your rules file.

Run the commands

omoff -d 0 router
omon router
omshowlog -p 5


This should highlight any problems with the syntax of the file. If nothing is returned, make sure that the rules file you create is called ALL-ROUTES.VIR (case sensitive).

omvscan.log is created depending on the setting of OMAV_LOGLEVEL in /var/opt/scalix/sys/omvscan.cfg. By default, it is set to 0, i.e. log nothing.
If you make a change to that log level, you will also need to restart the Service Router.

Cheers

Dave

Postby bluemike » Thu Jan 05, 2006 7:15 pm

Ah, I did not realize that file had to be in all caps. So I renamed it and now I am getting this error:

[SYS 13] Permission denied
File name: /var/opt/scalix/rules/ALL-ROUTES.VIR

I have root set as owner and owner is set with r/w permissions.

Postby ScalixSupport » Thu Jan 05, 2006 7:34 pm

Hi Mike,

The ALL-ROUTES.VIR file is read by the Scalix Service Router which runs as the scalix user. So, you should either chmod the file to 644 or chown it to scalix.

Thanks,
Rachel

Postby bluemike » Thu Jan 05, 2006 8:22 pm

Okay so now 'scalix user' is the owner of the file. I stopped/started the router again. Now when I run omshowlog -p 5, I get this:

[OM 4884] omshowlog : No logged records match the specified criteria

Does that just mean that nothing has happened to log yet?

Postby ScalixSupport » Thu Jan 05, 2006 10:16 pm

Hi Mike,

If you made the changes to /var/opt/scalix/sys/omvscan.cfg and changed the log level to 3, you'll see the output in /var/opt/scalix/logs/omvscan.log, not from the output of omshowlog command. The omvscan.log file is a text file, so you can just cat it.

Thanks,
Rachel

Postby bluemike » Fri Jan 06, 2006 11:43 am

That file still does not exist at that location.

Postby ScalixSupport » Fri Jan 06, 2006 1:27 pm

Hi Mike,

You are sending the test virus attachment through, right? Is the message going through? If not, then clamd is likely working. Have you increased the audit logging as per the ClamAV Tech Note? Do you see the virus being detected in the audit log?

Thanks,
Rachel

Postby bluemike » Fri Jan 06, 2006 1:38 pm

I am sending the EICAR file through, and it is being received. So that's good. Except it is not sending or receiving anything now.

The audit log shows non-virus messages coming in, but nothing appears in the inbox of the user. I checked SAC and all the queues are also empty.

Postby ScalixSupport » Fri Jan 06, 2006 1:55 pm

Hi Mike,

If the EICAR file is being received, that's *not* a good thing because it's a test virus and the message should be blocked. That means ClamAV isn't working. If nothing is being received now, it sounds like clamd is either no longer running or is not running with sufficient rights to access mail in the /var/opt/scalix/data subdirectories. The first thing to do is to rename the /var/opt/scalix/rules/ALL-ROUTES.VIR to ALL-ROUTES.VIR.orig, then stop and restart the service router:

cd /var/opt/scalix/rules
mv ALL-ROUTES.VIR ALL-ROUTES.VIR.orig
omoff -d0 sr
omon sr

Now, mail should be flowing correctly. The messages that weren't sent are in the Error Queue and you need to resubmit those by typing:

omresub -q error

Now, we need to determine if clamd is running and if it has sufficient rights. First type:

ps -aef|grep clamd

and verify that it's running. If it's not, then that's the problem. If it is, then type the following:

cd /var/opt/scalix/data/0000001
clamdscan *

Are you getting permission denied errors? If so, you haven't added the clamd user to the scalix group (see the Tech Note). Make that change and restart clamd. Now redo the clamdscan test above and verify that clamdscan can read the Scalix data files. Once that's working, go back to the /var/opt/scalix/rules subdirectory, rename the ALL-ROUTES.VIR.orig file back and restart the service router.

Thanks,
Rachel
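
A preflight check for the failure points this thread works through: the case-sensitive rules file name, whether the scalix and clamd users can read what they need, the OMAV_LOGLEVEL setting, and whether clamd is running. This is an added example, not part of any post above and not Scalix or ClamAV code; the function names are hypothetical, and it assumes GNU stat and a NAME=VALUE line in omvscan.cfg.

```sh
#!/bin/sh
# Added example (not Scalix or ClamAV code). Paths and user names come from the
# thread; function names are hypothetical. Mode bits only: ACLs are ignored.

# mode_allows_read USER "USER_GROUPS" OWNER GROUP MODE
# Unix rule: owner bits if USER owns the file, else group bits if USER is in
# the file's group, else "other" bits. root can always read.
mode_allows_read() {
  user=$1 ugroups=$2 owner=$3 group=$4 perm=$((0$5))
  [ "$user" = root ] && return 0
  if [ "$user" = "$owner" ]; then [ $((perm & 0400)) -ne 0 ]; return; fi
  case " $ugroups " in
    *" $group "*) [ $((perm & 0040)) -ne 0 ]; return ;;
  esac
  [ $((perm & 0004)) -ne 0 ]
}

# can_read USER PATH: the same check against a real file (GNU stat assumed).
can_read() {
  meta=$(stat -c '%U %G %a' "$2" 2>/dev/null) || return 2
  mode_allows_read "$1" "$(id -Gn "$1" 2>/dev/null)" $meta
}

# rules_name_status DIR: prints ok, wrong-case:<name>, or missing.
rules_name_status() {
  [ -f "$1/ALL-ROUTES.VIR" ] && { echo ok; return; }
  for f in "$1"/*; do
    b=$(basename "$f")
    [ "$(echo "$b" | tr '[:lower:]' '[:upper:]')" = ALL-ROUTES.VIR ] &&
      { echo "wrong-case:$b"; return; }
  done
  echo missing
}

# loglevel CFG: prints the OMAV_LOGLEVEL value. The NAME=VALUE line format is
# an assumption; the thread only names the setting and its default of 0.
loglevel() {
  sed -n 's/^[[:space:]]*OMAV_LOGLEVEL[[:space:]=]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

preflight() {
  r=/var/opt/scalix/rules
  echo "rules file name: $(rules_name_status "$r")"
  can_read scalix "$r/ALL-ROUTES.VIR" || echo "scalix cannot read ALL-ROUTES.VIR"
  can_read clamd /var/opt/scalix/data/0000001 || echo "clamd cannot read Scalix data"
  echo "OMAV_LOGLEVEL: $(loglevel /var/opt/scalix/sys/omvscan.cfg 2>/dev/null)"
  pgrep -x clamd >/dev/null || echo "clamd is not running"
}
if [ "${1:-}" = run ]; then preflight; fi
```

Run it with the argument `run` on the Scalix host; without an argument it only defines the functions.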

